package cn.tedu.straw.portal.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
    @Autowired
    UserDetailsServiceImpl userDetailsService;
    //密码加密器配置
//    @Bean
//    PasswordEncoder passwordEncoder(){
//        //return NoOpPasswordEncoder.getInstance();
//        return new BCryptPasswordEncoder();
//    }


    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // 登录页面
        String loginPageUrl = "/login.html";
        // 处理登录的URL，即登录表单提交到哪里去
        String loginProcessingUrl = "/login";
        // 不需要登录即可访问的URL
        String[] urls = {
                loginPageUrl,
                loginProcessingUrl,
                "/favicon.ico",
                "/browser_components/**",
                "/css/**",
                "/img/**",
                "/js/**",
                "/npm/**",
                "/register.html",
                "/portal/user/reg/student"
        };
        http.authorizeRequests()
                //不需要登陆可访问
                .antMatchers(urls).permitAll()
                .antMatchers("test/user/add").hasAnyAuthority("创建用户", "系统管理员")
                .antMatchers("test/user/delete").hasAnyAuthority("删除用户", "系统管理员")
                .antMatchers("test/user/update").hasAnyAuthority("修改用户", "系统管理员")
                .antMatchers("test/user/list").hasAnyAuthority("查看用户", "系统管理员")
                //对所有对url请求开启请求权限验证
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage(loginPageUrl)
                .loginProcessingUrl(loginProcessingUrl);;
        //跨域攻击保护解除，开启异步提交请求
        http.csrf().disable();
    }
}
